The Static MAC Address filter optimizes the performance of a wireless (and wired) network. With this feature configured, the AP device can block traffic between wired devices and wireless devices based on the MAC address.
For example, you can set up a Static MAC filter to prevent wireless clients from communicating with a specific server on the ethernet network. You can also use this filter to block unnecessary multicast packets from being forwarded to the wireless network.
Each MAC Address or Mask consists of 12 hexadecimal digits (0-9, A-F) that correspond to a 48-bit identifier; each hexadecimal digit represents 4 bits.
Taken together, a MAC Address/Mask pair specifies an address or a range of MAC addresses that the AP device will look for when examining packets. The AP device uses Boolean logic to perform an “AND” operation between the MAC Address and the Mask at the bit level. A Mask of 00:00:00:00:00:00 corresponds to all MAC addresses, and a Mask of FF:FF:FF:FF:FF:FF applies only to the specified MAC Address.
For example, if the MAC Address is 00:20:A6:12:54:C3 and the Mask is FF:FF:FF:00:00:00, the AP device will examine the source and destination addresses of each packet looking for any MAC address starting with 00:20:A6. If the Mask is FF:FF:FF:FF:FF:FF, the AP device will only look for the specific MAC address (in this case, 00:20:A6:12:54:C3).
You can configure the Static MAC Address Filter parameters depending on the following scenarios:
• To prevent all traffic from a specific wired MAC address from being forwarded to the wireless network, configure only the Wired MAC Address and Wired Mask (leave the Wireless MAC Address and Wireless Mask set to all zeros).
• To prevent all traffic from a specific wireless MAC address from being forwarded to the wired network, configure only the Wireless MAC address and Wireless Mask (leave the Wired MAC Address and Wired Mask set to all zeros).
• To prevent traffic between a specific wired MAC address and a specific wireless MAC address, configure all four parameters. Configure the wired and wireless MAC address and set the wired and wireless mask to all Fs.
• To prevent all traffic from a specific wired Group MAC address from being forwarded to the wireless network, configure only the Wired MAC Address and Wired Mask (leave the Wireless MAC Address and Wireless Mask set to all zeros).
• To prevent all traffic from a specific wireless Group MAC address from being forwarded to the wired network, configure only the Wireless MAC address and Wireless Mask (leave the Wired MAC Address and Wired Mask set to all zeros).
• To prevent traffic between a specific wired Group MAC address and a specific wireless Group MAC address, configure all four parameters. Configure the wired and wireless MAC address and set the wired and wireless mask to all Fs.
5.8.2.1 Static MAC Filter Examples
Consider a network that contains a wired interface and three wireless clients. The MAC address for each unit is as follows:
• Wired Interface: 00:40:F4:1C:DB:6A
• Wireless Client 1: 00:02:2D:51:94:E4
• Wireless Client 2: 00:02:2D:51:32:12
• Wireless Client 3: 00:20:A6:12:4E:38
Each example below lists the scenario, the example configuration, and the result.

Scenario: Prevent two specific devices from communicating
Example: Configure the following settings to prevent the Wired Interface and Wireless Client 1 from communicating:
• Wired MAC Address: 00:40:F4:1C:DB:6A
• Wired Mask: FF:FF:FF:FF:FF:FF
• Wireless MAC Address: 00:02:2D:51:94:E4
• Wireless Mask: FF:FF:FF:FF:FF:FF
Result: Traffic between the Wired Interface and Wireless Client 1 is blocked. Wireless Clients 2 and 3 can still communicate with the Wired Interface.

Scenario: Prevent multiple wireless devices from communicating with a single wired device
Example: Configure the following settings to prevent Wireless Clients 1 and 2 from communicating with the Wired Interface:
• Wired MAC Address: 00:40:F4:1C:DB:6A
• Wired Mask: FF:FF:FF:FF:FF:FF
• Wireless MAC Address: 00:02:2D:51:94:E4
• Wireless Mask: FF:FF:FF:00:00:00
Result: When a bitwise “AND” is performed on the Wireless MAC Address and Wireless Mask, the result corresponds to any MAC address beginning with the 00:02:2D prefix. Since Wireless Client 1 and Wireless Client 2 share the same prefix (00:02:2D), traffic between the Wired Interface and Wireless Clients 1 and 2 is blocked. Wireless Client 3 can still communicate with the Wired Interface since it has a different prefix (00:20:A6).

Scenario: Prevent all wireless devices from communicating with a single wired device
Example: Configure the following settings to prevent all three Wireless Clients from communicating with the Wired Interface:
• Wired MAC Address: 00:40:F4:1C:DB:6A
• Wired Mask: FF:FF:FF:FF:FF:FF
• Wireless MAC Address: 00:00:00:00:00:00
• Wireless Mask: 00:00:00:00:00:00
Result: The device blocks all traffic between the Wired Interface and all wireless clients.

Scenario: Prevent a wireless device from communicating with the wired network
Example: Configure the following settings to prevent Wireless Client 3 from communicating with any device on the ethernet:
• Wired MAC Address: 00:00:00:00:00:00
• Wired Mask: 00:00:00:00:00:00
• Wireless MAC Address: 00:20:A6:12:4E:38
• Wireless Mask: FF:FF:FF:FF:FF:FF
Result: The device blocks all traffic between Wireless Client 3 and the ethernet network.
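The masked comparison and the four example entries above can be checked with a short model. This is an added example, not code from the AP device or its vendor; it assumes an entry blocks a frame when the wired-side address matches the wired MAC/mask pair and the wireless-side address matches the wireless pair. `OTHER_WIRED` is a constructed address for a second ethernet host.

```python
import re

MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")

def mac_to_int(mac):
    """Parse 'AA:BB:CC:DD:EE:FF' into a 48-bit integer."""
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(mac.replace(":", ""), 16)

def masked_match(addr, filter_mac, mask):
    """True when addr agrees with filter_mac on every bit set in mask."""
    m = mac_to_int(mask)
    return (mac_to_int(addr) & m) == (mac_to_int(filter_mac) & m)

def is_blocked(entry, wired, wireless):
    """Assumed rule: a frame is blocked when both halves of the entry match."""
    wired_mac, wired_mask, wireless_mac, wireless_mask = entry
    return (masked_match(wired, wired_mac, wired_mask)
            and masked_match(wireless, wireless_mac, wireless_mask))

# Addresses of the example network on this page.
WIRED = "00:40:F4:1C:DB:6A"
CLIENTS = {1: "00:02:2D:51:94:E4", 2: "00:02:2D:51:32:12", 3: "00:20:A6:12:4E:38"}
OTHER_WIRED = "00:11:22:33:44:55"  # constructed: some other host on the ethernet

EXACT, PREFIX, ANY = "FF:FF:FF:FF:FF:FF", "FF:FF:FF:00:00:00", "00:00:00:00:00:00"

# The four example entries: (wired MAC, wired mask, wireless MAC, wireless mask).
ENTRIES = {
    "two devices":       (WIRED, EXACT, CLIENTS[1], EXACT),
    "wireless prefix":   (WIRED, EXACT, CLIENTS[1], PREFIX),
    "all wireless":      (WIRED, EXACT, ANY, ANY),
    "client 3 isolated": (ANY, ANY, CLIENTS[3], EXACT),
}

def blocked_clients(entry, wired=WIRED):
    """Client numbers whose traffic with `wired` the entry blocks."""
    return [n for n, mac in CLIENTS.items() if is_blocked(entry, wired, mac)]

if __name__ == "__main__":
    for name, entry in ENTRIES.items():
        print(f"{name:18} -> blocked with wired interface: {blocked_clients(entry)}, "
              f"with other wired host: {blocked_clients(entry, OTHER_WIRED)}")
```

Only the last entry, whose wired mask is all zeros, also blocks traffic with the second ethernet host; the other three are scoped to the one wired interface.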
Navigate to CONFIGURATION > Filters > Static MAC Address Filters. The Static MAC Address Filters screen appears:
Figure 5-39 Static MAC Address Filters
The Static MAC Address Filters screen contains a list of entries specifying the Wireless/Wired MAC addresses and Wireless/Wired MAC Masks used to block traffic between wired and wireless devices. To add an entry, click Add. The Static MAC Address Filter Add Row screen appears.
Figure 5-40 Static MAC Address Filter - Add Entries
Configure the following parameters:
• Wired MAC Address: Specifies the MAC address of the device on the wired network that is restricted from communicating with a device on the wireless network. To configure, enter a Wired MAC Address.
• Wired MAC Mask: Specifies the range of the wired MAC addresses to which the filter is applied. To configure, enter a Wired MAC Mask.
• Wireless MAC Address: Specifies the MAC address of the device on the wireless network that is restricted from communicating with a device on the wired network. To configure, enter a Wireless MAC Address.
• Wireless MAC Mask: Specifies the range of the wireless MAC addresses to which the filter is applied. To configure, enter a Wireless MAC Mask.
• Comment: Specifies the user comment on a Static MAC Filter table entry. To configure, enter a comment.
Click Add to save the configured entry.
• The maximum number of Static MAC Filters that can be added is 200.
• The Wired and Wireless MAC Address fields cannot contain a broadcast or multicast MAC address.
5.8.3 Advanced Filters
The Advanced Filters feature enables you to block specific IP protocol traffic on the network.
To configure Advanced Filters, navigate to CONFIGURATION > Filters > Advanced Filters. The Advanced Filters screen appears.
Figure 5-41 Advanced Filters
Configure the following parameters:
• Proxy ARP Status: Specifies the status of the Proxy ARP feature on the AP device. Functioning as a Proxy ARP, the AP device helps:
– To reduce unnecessary flow of broadcast traffic to all the wireless clients, without disturbing every wireless client on the network.
– To save power on the wireless clients, as they need not wake up for ARP broadcasts.
– The clients to learn the MAC addresses faster.
When two clients connected to an AP device try to communicate, they send an ARP request to get the MAC address of the destination client. The AP device responds to this ARP request and looks for the MAC address of the destination client in its Proxy ARP table. On finding the MAC address, the AP device forwards it to the client, without disturbing all the other wireless clients on the network. The client then updates its ARP table with the MAC address and forwards the ICMP packet to the intended wireless client via the AP device.
By default, Proxy ARP Status is disabled. To enable this feature, select Enable from the drop-down menu.
• Advanced Filter Table: The Advanced Filter Table contains a list of all protocols on which Advanced Filtering is applied.
• Protocol Name: Specifies the protocol name that is to be filtered. By default, Advanced Filters are supported on the following five default protocols:
– Deny-IPX-RIP
– Deny-IPX-SAP
– Deny-IPX-LSP
– Deny-IP-Broadcasts
– Deny-IP-Multicasts
• Direction: Specifies the direction of the IP protocol traffic. The direction can be enabled for ethernet to wireless, wireless to ethernet, or both ways.
• Status: Specifies the status of the newly created filter. Filters are applied between the wired and wireless devices only when the status is enabled.
Click OK and COMMIT to save the configured parameters.
To edit any protocol entry, click Edit. The Advanced Filters - Edit Entries screen appears.
Figure 5-42 Advanced Filters - Edit Entries
Modify the Direction and Status of the desired IP protocol. Click OK and COMMIT to save the configured parameters.